As part of my day-job, I perform a large number of DNS look-ups. Sometimes these are done to diagnose complex DNS issues and tests need to be run from various servers by various methods, but most of the time I’m simply looking for the current information to check everything is configured correctly.

If you’re not sure what DNS is, the Wikipedia article is a good place to start, but essentially every domain name has a number of records behind it (such as A records for web traffic, and MX records for email) which tell it where to direct certain types of traffic. When you type a domain into your web browser, it is DNS which translates this to the IP address of the server, allowing you to reach a website without having to know this information yourself.

I’ve used a wide variety of DNS look-up tools online, all of which have their pros and cons, but for a long time I’d been looking to build one of my own, which I could customize to my specific needs, so I set out to learn how they are built. My PHP skills are barely adequate, so this could also give me some much needed coding practice.

I started by creating a PHP script and adding a very simple HTML form, to provide somewhere for users to enter the domain they’re interested in and POST this ‘domain’ variable back to the script:

From this point, I wasn’t sure quite how PHP could be used to grab the relevant information on IP addresses and hostnames. Obviously this information is available to the server, so I’d imagined some kind of process where the system runs a dig or similar, then pipes the output back to the script. However this would be incredibly clunky. I soon discovered the dns-get-record function, which PHP can use to perform lookups on various DNS types.

To take the most basic example, if I want to return the IP addresses for the A records on a domain name, I can use the DNS_A parameter. In order to perform the look-up on the domain we entered into our form, we need to use $_POST[‘domain’] to grab the contents of the form we submitted and feed these into the dns-get-record command. As there are commonly multiple A records, we also start a foreach loop, to print the IP address for each one:

This might be adequate, but we also commonly want to know what the name of this server is, which we can get using the gethostbyaddr command. We set a variable of $hostname and feed each IP address into the foreach loop:

We can then clean our code up a little more, by sanitizing the input, and returning a value to inform the user when there are no results. We can use the trim command to strip initial and trailing blank characters (which happens often when you’re copying and pasting domain names in) and we can create an if statement which will return a message informing us if no records of that type exist:

We can then use the other parameters of the dns_get_record command to get other information, such as CNAME records, TXT records and MX records. I have included below an example of how the code can be adapted to obtain all of the mail-related MX records for a domain. You should consult the documentation on the function to see which specific arrays are available for each record type.

For example, MX records have a target address and – unlike A records – a priority, which tells mail servers which address to attempt delivery to in the first instance. Upon failure, delivery will be attempted at the next address:

The other functionality I wanted to include in my tool was a whois look-up. This is something which is slightly trickier to do in PHP, as whois is essentially its own protocol running on port 43. From all I’ve read, there doesn’t seem to be any ‘correct’ way to perform a whois look-up in PHP, as every method relies on connecting to the whois server for the top-level-domain (TLD) and manipulating the returned data.

The two primary ways of accessing whois data seem to be using the CURL or FOPEN functions in PHP to open a connection to a remote whois server. I have found that FOPEN seems to work far better for accessing all of the different servers, as I found CURL struggled with the .org and .info servers.

Given that any script requires a manual list of whois servers for each TLD, it is probably better to use an existing script and adapt this for your needs. The only issue is that it is very rare to find a script which has no bugs present. I experimented with a few scripts, some of which I spent hours trying to fix. I ended up using a class from 99webtools.com, which uses FOPEN. I made several modifications to this, including forcing it to return to the user the specific whois server it was using, so they are aware of where the information is coming from. My own script then simply passes the $domain variable to the whois script.

You’ll also need to ensure you update your script as new TLDs are released. For example, I had to add the whois server for .io domains, as this was missing from the script on 99webtools.

Two other things I learnt whilst playing around with whois in PHP is to use the <pre> tag in the HTML to return the data in the exact format it is sent by the whois server (as the servers return pre-formatted text) and I found a neat CSS fix to prevent the text leaping outside of the tables I’d built. The other thing I found is that the whois server for .com domains – unlike any other – performs a wildcard search by default. So when you search for a popular domain such as google.com, many irrelevant results are returned, as they happen to contain the ‘google.com’ string inside them somewhere. Most of the scripts I found were vulnerable to this bug, but it is easy enough to fix using an if statement to prefix the word domain to the search string, where it is being sent to a .com whois server (eg: “domain google.com”).

Here’s my completed DNS tool searching for this domain:

I hope this has proved a useful introduction to performing your own DNS and Whois look-ups with PHP. The code I’ve written above can be used as a useful start on building your own DNS tool which you can then customize to your hearts content. If you have any questions, please comment below.

23 comments so far

Hello Jonathan. I am new to this field of analyzing dns lookup. If you could provide me with the source code i would get a better insight on this. Could you please provide me with the complete source code it would help me a great deal.
Thank you

Sven said: 2015.03.06 22:26

Hey Jonathan , you can send me the code of your DNS look-up tool?

Thanks

Max said: 2015.03.30 19:52

I’m interested too, may we have the code? Thanks!

Al said: 2015.06.19 14:16

Me too if that’s OK…?

Dan said: 2015.07.21 10:48

Please send me the source too if that is alright, I am really interested to see how it all links together!

Hi Jonathan,
Great post , I found it when searching for a method to create a web page that does a nameserver lookup. Are you able to share that part of your code ?
thanks
Chris

Yoann said: 2015.10.22 19:30

Hi Jonathan,
Thank you a lot for your article. I manage to to make some check.
But i didn’t success to properly display the result (css etc…)
Please can you send me your code that i can fix that.
It would be greatly appreciate.
Yoann

Wes Brown said: 2015.11.12 03:18

Hi

Your WHOIS PHP script is brilliant, is there a chance you could send me the source code?